Re: client query logging (refused message)
In message , asd...@gmail.com writes:
> 62.109.4.89 and 195.68.176.4 are compromised/attackers

Actually they are more likely to be under attack. Make sure that you
(and your ISP) have deployed the measures in BCP 38 to ensure that you
are not the source of such an attack.

Mark

> See my post here: http://www.linuxforums.org/forum/redhat-fedora-linux-help/140848-var-log-messages-question.html
>
> Sample log entries:
> Feb 19 08:24:17 asdlkf named[6459]: client 62.109.4.89#32721: query (cache) './NS/IN' denied
> Feb 19 08:24:18 asdlkf named[6459]: client 195.68.176.4#25853: query (cache) './NS/IN' denied
> Frequency: 40 to 90 queries from those hosts per minute.
>
> --
> Chris
>
> On Feb 17, 2:19 pm, JINMEI Tatuya / 神明達哉 wrote:
> > At Tue, 17 Feb 2009 08:15:39 -0500,
> > Matthew Huff wrote:
> > > 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
> > > ...
> > >
> > > logged, and I have verified that the query is refused, but nothing in the
> > > log shows that it was refused. Is there any way to log the success/failure of
> > > the queries?
> >
> > Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5)
> > will provide a new logging category that can log the information you
> > seem to want:
> >
> > 17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED) for ./IN/NS at query.c:3887
> >
> > ---
> > JINMEI, Tatuya
> > Internet Systems Consortium, Inc.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
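The per-client tally behind the figures in this thread, as an added example that is not part of the original messages: it parses named "denied" lines in the syslog format quoted above and reports clients that reach a per-minute threshold of refused root NS queries. The threshold of 40 (the low end of the rate reported in the thread), the function names, and the sample lines built from documentation addresses are assumptions made for illustration; as the reply above points out, addresses that surface this way are more likely spoofed victims than attackers.

```python
import re
from collections import Counter, defaultdict

# Matches the syslog-format "denied" lines quoted in the thread.
DENIED = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d{2}:\d{2}):\d{2}\s+\S+\s+named\[\d+\]:\s+"
    r"client\s+(?P<ip>[0-9A-Fa-f.:]+)#\d+:\s+query\s+\(cache\)\s+"
    r"'(?P<query>[^']+)'\s+denied"
)

def denied_per_minute(lines, query="./NS/IN"):
    """Return {client_ip: Counter({minute: count})} for denied `query` lookups."""
    rates = defaultdict(Counter)
    for line in lines:
        m = DENIED.match(line)
        if m and m.group("query") == query:
            rates[m.group("ip")][m.group("minute")] += 1
    return rates

def noisy_clients(lines, threshold=40):
    """Map each client that reaches `threshold` in any one minute to its peak rate."""
    peaks = {ip: max(c.values()) for ip, c in denied_per_minute(lines).items()}
    return {ip: peak for ip, peak in peaks.items() if peak >= threshold}

def sample_lines():
    # Constructed input using documentation addresses; not data from the thread.
    lines = [f"Feb 19 08:24:{s:02d} ns1 named[6459]: client 192.0.2.10#{30000 + s}: "
             "query (cache) './NS/IN' denied" for s in range(45)]
    lines += [f"Feb 19 08:25:{s:02d} ns1 named[6459]: client 198.51.100.7#{40000 + s}: "
              "query (cache) './NS/IN' denied" for s in range(3)]
    # A denied query for another name must not count towards the root NS tally.
    lines.append("Feb 19 08:25:10 ns1 named[6459]: client 192.0.2.10#31000: "
                 "query (cache) 'example.com/A/IN' denied")
    return lines

if __name__ == "__main__":
    for ip, peak in sorted(noisy_clients(sample_lines()).items()):
        print(f"{ip}: peak {peak} denied root NS queries per minute")
```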
Re: client query logging (refused message)
62.109.4.89 and 195.68.176.4 are compromised/attackers

See my post here: http://www.linuxforums.org/forum/redhat-fedora-linux-help/140848-var-log-messages-question.html

Sample log entries:
Feb 19 08:24:17 asdlkf named[6459]: client 62.109.4.89#32721: query (cache) './NS/IN' denied
Feb 19 08:24:18 asdlkf named[6459]: client 195.68.176.4#25853: query (cache) './NS/IN' denied
Frequency: 40 to 90 queries from those hosts per minute.

--
Chris

On Feb 17, 2:19 pm, JINMEI Tatuya / 神明達哉 wrote:
> At Tue, 17 Feb 2009 08:15:39 -0500,
> Matthew Huff wrote:
> > 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
> > ...
> >
> > logged, and I have verified that the query is refused, but nothing in the
> > log shows that it was refused. Is there any way to log the success/failure of
> > the queries?
>
> Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5)
> will provide a new logging category that can log the information you
> seem to want:
>
> 17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED) for ./IN/NS at query.c:3887
>
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.
Re: client query logging (refused message)
At Tue, 17 Feb 2009 08:15:39 -0500,
Matthew Huff wrote:
> 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
> ...
>
> logged, and I have verified that the query is refused, but nothing in the
> log shows that it was refused. Is there any way to log the success/failure of
> the queries?

Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5)
will provide a new logging category that can log the information you
seem to want:

17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED) for ./IN/NS at query.c:3887

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
client query logging (refused message)
In my logging global section I have:

logging {
        channel audit_log {
                file "/var/log/named_audit.log" versions 128 size 4m;
                severity debug;
                print-time yes;
                print-category yes;
        };
        ...
        category client { audit_log; };
        ...
};

and I get:

...
17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
...

logged, and I have verified that the query is refused, but nothing in the
log shows that it was refused. Is there any way to log the success/failure of
the queries?

Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139